This month, Microsoft released a fix for the MSHTML zero-day that emerged earlier in September. And it fixes a serious remote code execution bug in the WLAN AutoConfig service. There’s also a fix for a serious bug in Apple iOS. So, let’s get started!
Microsoft fixes MSHTML zero-day
Earlier this month, Microsoft released a security advisory for a remote code execution vulnerability (CVE-2021-40444) in Microsoft MSHTML, the rendering engine that Office apps use in Windows to display web content. The advisory said:
An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user…
Source link
